Date: Tue, 25 Jun 2002 04:48:14 -0600 (MDT) From: Brett Glass <brett@lariat.org> To: freebsd-security@FreeBSD.ORG, klaus@compt.com Subject: Re: all this talk of privilege separation ... Message-ID: <200206251048.EAA23742@lariat.org> In-Reply-To: <20020625063412.U589@cthulu.compt.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Privilege separation is an architecture that implements the "principle of minimum privilege" with relatively fine granularity. Apache does it when the master process spawns a pool of unprivileged worker processes. OpenSSH with privilege separation does something similar: It forks tasks with no privilege to handle network traffic and tasks that require no privilege, leaving a small "master" task to handle what must be done at an elevated privilege. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206251048.EAA23742>